Company name: BlackBerry.

Worker Sub-Type:

Regular
Job Description:

THE POSITION

BlackBerry Cylance is seeking an experienced Incident Response Consultant professional to join our expanding Incident Response practice. As part of the growing Consulting Services team, this position will have oversight and responsibility over assigned Incident Response engagements, Incident Response training programs, innovation of internal Cylance tools, and growing the IR practice overall.

WHO WE ARE LOOKING FOR

Experience performing Digital Forensics and Incident Response (DFIR) investigations on multiple Operation Systems; Windows, Mac and Linux
Tool agnostic with an emphasis on knowing the forensic artifacts themselves versus relying on tool output
Knowledge of and the ability to use popular EDR technologies during DFIR engagements
Experience analyzing a myriad of system and network logs using Splunk and/or ELK
Knowledge of threat hunting and knowledge of the artifacts necessary to review while threat hunting
Ability to analyze PCAP data
Ability to triage and analyze malware dynamically within a virtual environment to quickly gain a set of IOCs during an IR engagement
Knowledge of System Administrator roles and responsibilities with an understanding of Windows Domain environments
Ability to be client facing by interacting with our clients and their executive leadership
Creative problem-solving abilities and an analytic and qualitative eye for reasoning
Self-starter with a knack for taking initiative and “getting things done”
Must have a passion for your work and an ability to apply that passion to both daily tasks and larger projects
Ability to work with a remote team via collaboration tools (Chat, Email, and Video Conferences)
Strong documentation skills, ability to write executive and technical DFIR reports
Ability to prioritize and complete multiple tasks with little to no supervision
Intellectual curiosity, humility, accountability and positive approach
Ability to work independently with substantial latitude for action and decision while maintaining focus on achieving optimal outcomes as part of a collaborative development effort
Local, or willing to relocate to Plano, TX (relocation assistance provided)
ABOVE AND BEYOND

At least 3+ years of hands on client facing consulting experience or 5+ years of DFIR experience in a non-consulting environment
Proficient in either Python, Powershell and/or Go. Bonus points if you have a GitHub page.
Experience creating dashboards, writing Logstash filters, and performing complex searches within ELK
Experience writing Suricata rules with an emphasis on performance
Experience managing Bro installations and writing Bro scripts
Knowledge performing DFIR investigations in Cloud environments (Azure, O365, AWS, and Google)
When an existing technology and/or process doesn’t exist to do something, you want, you are the kind of person that takes initiative and builds the technology or process
Job Family Group Name:

Professional Services & Consulting
Scheduled Weekly Hours:

40